CVE-2026-25376
Reflected XSS in eyecix Addon Jobsearch Chat
Publication date: 2026-03-25
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eyecix | addon_jobsearch_chat | up to and including 3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-site Scripting (XSS) issue in the eyecix Addon Jobsearch Chat plugin for WordPress (addon-jobsearch-chat), affecting versions up to and including 3.0. Specifically, it is a reflected XSS (CWE-79): the plugin does not properly neutralize user-supplied input before placing it in a generated web page, so an attacker who gets a victim to open a crafted link or submit a crafted request can have their script reflected back and executed in the victim's browser in the context of the site.
How can this vulnerability impact me?
Because the payload is reflected rather than stored, exploitation requires a victim (for example a logged-in user or administrator) to open an attacker-controlled link. When they do, the injected script runs with the privileges of that user's session on the affected site. This can lead to theft of session cookies or credentials, session hijacking, actions performed on the victim's behalf, defacement of the page, or redirection to malicious sites, compromising user data and trust.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The CVE-2026-25376 vulnerability is a reflected Cross Site Scripting (XSS) issue that allows attackers to inject malicious scripts into affected websites. This can lead to unauthorized actions or data exposure when visitors interact with the compromised site.
Such unauthorized data exposure or manipulation can potentially impact compliance with common standards and regulations like GDPR or HIPAA, which require protection of personal and sensitive data from unauthorized access or disclosure.
However, the provided information does not explicitly detail the direct impact of this vulnerability on compliance with these regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
CVE-2026-25376 is a reflected Cross-site Scripting (XSS) issue affecting the WordPress Addon Jobsearch Chat plugin up to version 3.0. Detection typically involves looking for HTTP requests that carry script-like payloads in parameters handled by the plugin, and confirming whether the site reflects such input back unescaped.
The advisory does not provide specific commands or name the affected parameter. Common detection methods include web application firewall (WAF) rules that match XSS payloads, reviewing web server access logs for query strings or POST bodies that contain script tags, event handlers (such as onerror=) or javascript: URLs after URL-decoding (attackers often percent-encode payloads once or twice to evade naive string matching), and running a security scanner that tests for reflected XSS.
For example, you can use curl or wget against a site you own or are authorized to test: send a harmless canary string such as "><svg onload=1> in the plugin's input parameters and inspect the response body. If the canary comes back verbatim, the input is reflected without sanitization; if it comes back entity-encoded (for example &lt;svg), output encoding is in place.
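The two checks above, as an added example that is not part of the advisory or of the plugin's code: an access-log scanner that URL-decodes query parameters (repeatedly, to catch double-encoding) and flags script-like payloads, and a classifier that tells whether a canary sent to a page came back unescaped, escaped, or not at all. The log lines, response bodies and the parameter names q and msg are constructed for this example and are not the plugin's real endpoints or parameters.

```python
"""Added example (not from the advisory or the plugin): offline checks for
reflected XSS as described by CWE-79.

scan_access_log()  - flag access-log lines whose query-string values contain a
                     script-looking payload after full URL-decoding.
reflection_kind()  - given a response body and the canary that was sent, say
                     whether it was reflected unescaped, HTML-escaped, or absent.

All sample data below is constructed; parameter names (q, msg) are hypothetical.
"""
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Markers that indicate a script-injection attempt once the value is decoded.
XSS_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*(?:img|svg|iframe|body)\b",
    re.IGNORECASE,
)

# Apache/nginx combined log: client ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Harmless canary: closes an attribute and introduces a tag, but runs nothing useful.
CANARY = '"><svg onload=1>'

# Constructed sample log lines: one benign, one single-encoded payload,
# one double-encoded payload, one benign value containing the word "at".
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2026:10:01:12 +0000] "GET /?q=hello HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Mar/2026:10:02:40 +0000] "GET /chat/?msg=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
    '198.51.100.4 - - [25/Mar/2026:10:03:01 +0000] "GET /chat/?msg=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 2048',
    '198.51.100.4 - - [25/Mar/2026:10:03:05 +0000] "GET /chat/?msg=see%20you%20at%2010 HTTP/1.1" 200 1900',
]


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %253C... is still caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_access_log(lines):
    """Return one dict per (line, parameter) whose decoded value looks like XSS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, timestamp, method, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qs already decodes once; decode_fully handles further layers.
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for raw in values:
                payload = decode_fully(raw)
                if XSS_MARKERS.search(payload):
                    hits.append({
                        "client": client, "time": timestamp, "method": method,
                        "path": parts.path, "param": name,
                        "payload": payload, "status": int(status),
                    })
    return hits


def reflection_kind(body, canary=CANARY):
    """Classify how a canary sent in a request came back in the HTML body."""
    if canary in body:
        return "unescaped"  # markup survived verbatim: reflected XSS likely
    for quote in (True, False):
        if html.escape(canary, quote=quote) in body:
            return "escaped"  # entity-encoded on output: sanitized
    return "absent"  # not reflected at all


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["client"]} {hit["path"]} {hit["param"]}={hit["payload"]!r}')
    # Constructed response bodies standing in for a vulnerable and a fixed page.
    vulnerable_body = '<input name="msg" value="' + CANARY + '">'
    fixed_body = '<input name="msg" value="' + html.escape(CANARY) + '">'
    print(reflection_kind(vulnerable_body), reflection_kind(fixed_body))
```

The marker regex is deliberately loose (an event-handler name followed by "=" in any value will match), so treat hits as leads to review, not verdicts; the reflection check is the confirming step and should only be run against sites you are authorized to test.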
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to update the Addon Jobsearch Chat plugin to version 3.1 or later, where the vulnerability has been patched.
If updating immediately is not possible, apply the virtual-patching rule provided by Patchstack to block requests targeting this vulnerability.
Additionally, ask your hosting provider or web developer to put temporary protections in place, such as web application firewall rules that block reflected XSS payloads, until the plugin can be updated.
Patchstack also offers automatic updates and continuous security monitoring to help protect WordPress sites from such threats.